August 26, 2019

When cybercrooks
first got into phishing in a big way, they went straight to where they figured
the money was: your bank account.

A few years ago,
we used to see a daily slew of bogus emails warning us of banking problems at
financial institutions we’d never even heard of, let alone done business with,
so the bulk of phishing attacks stood out from a mile away.

Back then,
phishing was a real nuisance, but even a little bit of caution went an
enormously long way.

That’s the era
that gave rise to the advice to look for bad spelling, poor grammar, incorrect
wording and weird-looking web sites.

Make no
mistake, that advice is still valid. The crooks still frequently make mistakes
that give them away, so make sure you take advantage of their blunders to catch
them out. It’s bad enough to get phished at all, but to realise afterwards that
you failed to notice that you’d “logged into” the Firrst Bank of Texass or the Royall
Candanian Biulding Sociteye by mistake – well, that would just add insult to
injury.

These days,
you’re almost certainly still seeing phishing attacks that are after your
banking passwords, but we’re ready to wager that you get just as many, and
probably more, phoney emails that are after passwords for other types of
account.

Email accounts
are super-useful to crooks these days, for the rather obvious reason that your
email address is the place that many of your other online services use for
their “account recovery” functions.

Who are you going
to believe: screen sweetheart Julia Roberts or Instagram chief Adam Mosseri
himself?

Roberts and a
host of other celebrities have unfortunately fallen for an Instagram version of
the Facebook
chain letter hoax. After making the rounds on Facebook, it spread to
Instagram, bleating all the way with its legalistic, poorly written and
puzzlingly punctuated load of horsefeathers about a purported privacy policy
change taking place “tomorrow!”

The hoax would
have us all believe that Instagram is planning to tweak its privacy policy to
let old messages and private photos be used in court cases against its users.

This is described
as a default credentials flaw which could allow an attacker to log into the
command line interface using the SCP user account giving them “full read and
write access to the system’s database.”

Employees at
Portland Public Schools were breathing easier this week after thwarting a
business email compromise (BEC) scam that could have cost them almost $3m.

BEC is a sneaky
form of attack in which a criminal impersonating a third party convinces
someone at an organization to wire them money. The crook targets someone with
control of the purse strings and uses what looks at first glance like a
legitimate account owned by a supplier or business partner.

Sometimes, a BEC
scammer might compromise the email account of a senior executive at the target
company, or at their supplier, to get a better idea of how they communicate.
They could even send an email directly from that account to someone with access
to company funds. Sometimes, though, they can spoof an email and request the
funds without hacking anything, relying entirely on social engineering.

Who, you may ask,
would fall for such a thing? Lots of people apparently, including two
employees at Portland Public Schools. A fraudster contacted them pretending
to be from one of the institution’s construction contractors, asking them to
send payment to an account. Of course, the request was illicit, and the account
illegitimate. Nevertheless, the employees approved the payments, sending $2.9
million into the ether.

Luckily, Portland
Schools moved quickly to stop the transaction. In a letter to employees and
schools, superintendent Guadalupe Guerrero said that the banks involved froze
the fraudulent funds, adding:

PPS has
already begun the process to recover and fully return funds back to the
district, likely within the next several days.

Guerrero didn’t
reveal how Portland Public Schools found the fraud, but the institution acted
quickly after it did. It immediately contacted the FBI and Portland Police,
along with the Board of Education.

Microsoft has
(once again) joined the “our contractors are listening to your audio clips”
club: up until a few months ago, your Xbox may have been listening to you and
passing those clips on to human contractors, Vice’s
Motherboard reported on Wednesday.

Like all the
other revelations about tech giants getting their contractors and employees to
listen in to voice assistant recordings – they’ve been coming at a steady clip
since April – the purpose is once again to improve a device’s voice
recognition.

Another
similarity to earlier voice assistant news: Xbox audio is supposed to be
captured following a voice command, such as “Xbox” or “Hey Cortana,” but
contractors told Motherboard that the recordings are sometimes triggered and
recorded by mistake. That’s the same thing that’s been happening with Siri: as
we found out in July, Apple’s voice assistant is getting
triggered accidentally by ambient sounds similar to its wake words, “Hey,
Siri,” including the
noise of a zipper.

This is
Microsoft’s second eavesdropping headline this month: a few weeks ago we
reported that humans listen
to Skype calls made using the app’s translation function, as well as to
clips recorded by Microsoft’s Cortana virtual assistant.

Can anybody
NOT hear me?

Also earlier this
month, thanks to whistleblowers who were disturbed by the ethical
ramifications, we found out that Facebook has been collecting some voice
chats on Messenger and paying contractors to listen to and transcribe them.

They were all
doing it: Facebook, Google, Apple, Microsoft and Amazon.

We wanted a Clear
History button. We wanted the ability to wipe out the data Facebook has on us –
to nuke it to kingdom come. We wanted this many moons ago, and that’s kind of,
sort of what Facebook
promised us, in May 2018, that we’d be getting – within a “few months.”

Well, it’s 15
months later, and we’re finally getting what Facebook promised: not the ability
to nuke all that tracking data to kingdom come, which it never actually
intended to create, but rather the ability to “disconnect” data from an
individual user’s account.

The browsing
history data that Facebook collects on us when we visit other sites will live
on, as it won’t be deleted from Facebook’s servers. As privacy experts have
pointed out, you won’t be able to delete that data, but you will be getting new
ways to control it.

Facebook
announced the new set of tools, which it’s calling Off-Facebook Activity
and which includes the Clear History feature, on Tuesday.

Facebook Chief
Privacy Officer of Policy Erin Egan and Director of Product Management David
Baser said in a Facebook newsroom post that the new tools should help to shed
light on all the third-party apps, sites, services, and ad platforms that track
our web activity via Facebook’s various trackers.

Those trackers
include Facebook
Pixel: a tiny but powerful snippet of code embedded on many third-party
sites that Facebook has lauded as a clever way to serve
targeted ads to people, including non-members. Another tool in Facebook’s
tracking arsenal is Login with Facebook, which many apps and services use
instead of creating their own login tools.

The Silence crew
is making a lot more noise. The Russian-speaking hacking group, which specializes
in stealing from banks, has been spreading its coverage and becoming more
sophisticated, according to a new report from cybersecurity company Group-IB.

It follows a
report from the company last year which was the first to identify and analyze
the Silence group. You can find both reports here.

Group-IB characterizes
Silence as a young and relatively immature hacking group that draws on the
tools and techniques of others, learning from them and adapting them to its own
needs. It has been traditionally cautious, waiting an average of three months
between attacks.

That hasn’t
stopped it profiting, though. A string of heists has brought the group’s total
ill-gotten gains to $4.2m as of this month. As it evolves, the group has been
broadening its geographical reach and developing new malware to refine its
techniques, the report says.

It has also added
a new step to its hacking process: a reconnaissance mail. Since late last year,
it has started sending emails to potential targets containing a benign image or
link. This helps it update its active target list and detect any scanning
technologies that the victims use.

Then, armed with
a list of valid addresses, it sends them a malicious email. It can carry
Microsoft Office documents with malicious macros, CHM files (Compiled HTML,
often used by Microsoft’s help system) or .LNKs (a link to an executable file).
Successful exploits install the group’s malware loader, Silence.Downloader (aka
TrueBot). It has rewritten this loader to build encryption into some of the
communication protocol with the command and control (C2) server.

More recently,
the group has begun using a fileless loader called Ivoke, written in
PowerShell. Silence began using fileless techniques later than other groups,
showing that they are studying and then modifying other groups’ techniques,
Group-IB said.
